gitlab-ci-values-dex.yml

rbac:
  create: false
ingress:
  enabled: true
  hosts:
    - host: auth.__DOMAIN__
      paths:
        - path: /dex
          pathType: ImplementationSpecific
  tls:
    - hosts:
        - auth.__DOMAIN__
      secretName: dex-acme.tls
  annotations:
    cert-manager.io/cluster-issuer: acme-issuer
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
    nginx.ingress.kubernetes.io/cors-allow-origin: "*"
    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
config:
  web:
    allowedOrigins: ['*']
  connectors:
  - type: ldap
    id: ldap
    name: LDAP
    config:
      host: ldap-openldap:389
      insecureNoSSL: true
      bindDN: uid=dex,ou=sa,dc=example,dc=com
      bindPW: dex123
      usernamePrompt: SSO Username
      userSearch:
        baseDN: ou=users,dc=example,dc=com
        filter: "(objectClass=inetOrgPerson)"
        username: cn
        idAttr: cn
        emailAttr: mail
        nameAttr: cn
      groupSearch:
        baseDN: ou=groups,dc=example,dc=com
        filter: "(objectClass=groupOfNames)"
        userMatchers:
          - userAttr: DN
            groupAttr: member
        nameAttr: cn
  storage:
    type: sqlite3
    #type: kubernetes
    config:
      file: /var/dex/dex.db
      #inCluster: true
  issuer: https://auth.__DOMAIN__/dex
  staticClients:
  - id: exphost-controller
    name: exphost-controller
    redirectURIs:
    - https://__DOMAIN__/console/oauth2/callback
    secret: Yp4fGf79FutdBDJArQqxhUiVbufVxjzu